public class NuxeoAuthenticationFilter extends Object implements javax.servlet.Filter
Also handles logout and identity switch.
Modifier and Type | Field and Description |
---|---|
protected boolean |
avoidReauthenticate |
protected boolean |
byPassAuthenticationLog
On WebEngine (Jetty) we don't have JMS enabled so we should disable log
|
protected com.codahale.metrics.Counter |
concurrentCount |
protected com.codahale.metrics.Counter |
concurrentMaxCount |
static String |
DEFAULT_START_PAGE |
protected static Principal |
DIRECTORY_ERROR_PRINCIPAL
Used internally as a marker.
|
protected static Boolean |
isLoginSynchronized |
static String |
LOGIN_DOMAIN
LoginContext domain name in use by default in Nuxeo.
|
protected static String |
LOGIN_JMS_CATEGORY |
protected com.codahale.metrics.Counter |
loginCount |
protected com.codahale.metrics.MetricRegistry |
registry |
protected com.codahale.metrics.Timer |
requestTimer |
protected String |
securityDomain
Which security domain to use
|
protected PluggableAuthenticationService |
service |
protected List<String> |
unAuthenticatedURLPrefix |
protected ReentrantReadWriteLock |
unAuthenticatedURLPrefixLock |
protected static String |
XMLHTTP_REQUEST_TYPE |
Constructor and Description |
---|
NuxeoAuthenticationFilter() |
Modifier and Type | Method and Description |
---|---|
protected boolean |
bypassAuth(javax.servlet.http.HttpServletRequest httpRequest) |
void |
destroy() |
protected Principal |
doAuthenticate(CachableUserIdentificationInfo cachableUserIdent,
javax.servlet.http.HttpServletRequest httpRequest) |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain) |
void |
doFilterInternal(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain) |
protected void |
doInitIfNeeded() |
NuxeoAuthenticationPlugin |
getAuthenticator(CachableUserIdentificationInfo ci) |
protected static String |
getRequestedPage(javax.servlet.http.HttpServletRequest httpRequest) |
static String |
getRequestedPage(javax.servlet.ServletRequest request) |
static String |
getRequestedUrl(javax.servlet.http.HttpServletRequest httpRequest) |
protected static String |
getSavedRequestedURL(javax.servlet.http.HttpServletRequest httpRequest,
javax.servlet.http.HttpServletResponse httpResponse) |
protected boolean |
handleLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest,
javax.servlet.http.HttpServletResponse httpResponse) |
protected boolean |
handleLogout(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
CachableUserIdentificationInfo cachedUserInfo) |
protected UserIdentificationInfo |
handleRetrieveIdentity(javax.servlet.http.HttpServletRequest httpRequest,
javax.servlet.http.HttpServletResponse httpResponse) |
void |
init(javax.servlet.FilterConfig config) |
protected void |
initUnAuthenticatedURLPrefix() |
protected static boolean |
isLoginSynchronized() |
protected boolean |
isStartPageValid(String startPage) |
protected boolean |
logAuthenticationAttempt(UserIdentificationInfo userInfo,
boolean success) |
static LoginContext |
loginAs(String username)
Does a forced login as the given user.
|
protected boolean |
logLogout(UserIdentificationInfo userInfo) |
protected boolean |
needSessionSaving(UserIdentificationInfo userInfo) |
protected void |
propagateUserIdentificationInformation(CachableUserIdentificationInfo cachableUserIdent) |
protected static CachableUserIdentificationInfo |
retrieveIdentityFromCache(javax.servlet.http.HttpServletRequest httpRequest) |
boolean |
saveRequestedURLBeforeRedirect(javax.servlet.http.HttpServletRequest httpRequest,
javax.servlet.http.HttpServletResponse httpResponse)
Save requested URL before redirecting to login form.
|
protected static boolean |
sendAuthenticationEvent(UserIdentificationInfo userInfo,
String eventId,
String comment) |
public static final String DEFAULT_START_PAGE
public static final String LOGIN_DOMAIN
protected static final String XMLHTTP_REQUEST_TYPE
protected static final String LOGIN_JMS_CATEGORY
protected static Boolean isLoginSynchronized
protected static final Principal DIRECTORY_ERROR_PRINCIPAL
protected final boolean avoidReauthenticate
protected volatile PluggableAuthenticationService service
protected ReentrantReadWriteLock unAuthenticatedURLPrefixLock
protected List<String> unAuthenticatedURLPrefix
protected boolean byPassAuthenticationLog
protected String securityDomain
protected final com.codahale.metrics.MetricRegistry registry
protected final com.codahale.metrics.Timer requestTimer
protected final com.codahale.metrics.Counter concurrentCount
protected final com.codahale.metrics.Counter concurrentMaxCount
protected final com.codahale.metrics.Counter loginCount
public NuxeoAuthenticationFilter()
public void destroy()
destroy
in interface javax.servlet.Filter
protected static boolean sendAuthenticationEvent(UserIdentificationInfo userInfo, String eventId, String comment)
protected boolean logAuthenticationAttempt(UserIdentificationInfo userInfo, boolean success)
protected boolean logLogout(UserIdentificationInfo userInfo)
protected static boolean isLoginSynchronized()
protected Principal doAuthenticate(CachableUserIdentificationInfo cachableUserIdent, javax.servlet.http.HttpServletRequest httpRequest)
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
doFilter
in interface javax.servlet.Filter
IOException
javax.servlet.ServletException
public void doFilterInternal(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
IOException
javax.servlet.ServletException
public NuxeoAuthenticationPlugin getAuthenticator(CachableUserIdentificationInfo ci)
protected static CachableUserIdentificationInfo retrieveIdentityFromCache(javax.servlet.http.HttpServletRequest httpRequest)
protected void doInitIfNeeded() throws javax.servlet.ServletException
javax.servlet.ServletException
public void init(javax.servlet.FilterConfig config) throws javax.servlet.ServletException
init
in interface javax.servlet.Filter
javax.servlet.ServletException
public boolean saveRequestedURLBeforeRedirect(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
Returns true if target url is a valid startup page.
public static String getRequestedUrl(javax.servlet.http.HttpServletRequest httpRequest)
protected static String getSavedRequestedURL(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
protected boolean isStartPageValid(String startPage)
protected boolean handleLogout(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, CachableUserIdentificationInfo cachedUserInfo) throws javax.servlet.ServletException
javax.servlet.ServletException
protected void propagateUserIdentificationInformation(CachableUserIdentificationInfo cachableUserIdent)
protected void initUnAuthenticatedURLPrefix()
protected boolean bypassAuth(javax.servlet.http.HttpServletRequest httpRequest)
public static String getRequestedPage(javax.servlet.ServletRequest request)
protected static String getRequestedPage(javax.servlet.http.HttpServletRequest httpRequest)
protected boolean handleLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
protected UserIdentificationInfo handleRetrieveIdentity(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse)
protected boolean needSessionSaving(UserIdentificationInfo userInfo)
public static LoginContext loginAs(String username) throws LoginException
username
- the user namefinally
blockLoginException
Copyright © 2015 Nuxeo SA. All rights reserved.